summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--.gitmodules3
-rw-r--r--README23
-rw-r--r--controls/cf_serverd.cf3
-rw-r--r--failsafe.cf21
m---------modules0
5 files changed, 49 insertions, 1 deletions
diff --git a/.gitmodules b/.gitmodules
index 1e41644..1afb3fd 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,3 +1,6 @@
[submodule "lib"]
path = lib
url = gitolite3@10.1.0.254:cfengine_stdlib
+[submodule "modules"]
+ path = modules
+ url = gitolite3@10.1.0.254:cfengine_modules
diff --git a/README b/README
index 1e1138e..9fd92b5 100644
--- a/README
+++ b/README
@@ -14,3 +14,26 @@ git push legend master
Then in your masterfiles repo:
git submodule update --init --recursive
+
+cfengine modules
+================
+
+We have a second submodule for cfengine modules, also initialized from the master branch of the official github masterfiles. To update, run:
+
+git clone https://github.com/cfengine/masterfiles/ cfengine_stdlib
+cd cfengine_masterfiles/
+git filter-branch --subdirectory-filter modules -- --all
+git remote remove origin
+git remote add legend gitolite3@10.1.0.254:cfengine_modules
+git remote update
+git push legend master
+
+Then in your masterfiles repo:
+
+git submodule update --init --recursive
+
+Note
+====
+Submodules where initialized with :
+git submodule add gitolite3@10.1.0.254:cfengine_stdlib lib
+git submodule add gitolite3@10.1.0.254:cfengine_modules modules
diff --git a/controls/cf_serverd.cf b/controls/cf_serverd.cf
index f0ecac1..38ff3ac 100644
--- a/controls/cf_serverd.cf
+++ b/controls/cf_serverd.cf
@@ -22,6 +22,9 @@ bundle server access_rules()
"$(sys.masterdir)"
shortcut => "masterfiles",
admit => { "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16" };
+ "$(sys.masterdir)/modules"
+ shortcut => "modules",
+ admit => { "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16" };
"/bin/sh"
admit => { "$(sys.policy_hub)" };
roles:
diff --git a/failsafe.cf b/failsafe.cf
index 354e000..ba33f7d 100644
--- a/failsafe.cf
+++ b/failsafe.cf
@@ -52,6 +52,7 @@ bundle agent failsafe_update {
"$(sys.inputdir)"
copy_from => failsafe_scp("$(masterfiles_dir_remote)"),
depth_search => failsafe_recurse("inf"),
+ action => failsafe_u_immediate,
file_select => failsafe_exclude_vcs_files,
classes => failsafe_results("namespace", "inputdir_update");
inputdir_update_error::
@@ -62,6 +63,14 @@ bundle agent failsafe_update {
classes => failsafe_results("namespace", "inputdir_update"),
comment => "If we failed to fetch policy we try again using the legacy default in case we are fetching policy
from a hub that is not serving masterfiles via a shortcut.";
+ !am_policy_hub::
+ "$(sys.workdir)/modules"
+ copy_from => failsafe_scp("modules"),
+ depth_search => failsafe_recurse("inf"),
+ perms => failsafe_u_m("755"),
+ action => failsafe_u_immediate,
+ file_select => failsafe_exclude_vcs_files,
+ classes => failsafe_results("namespace", "modulesdir_update");
processes:
!(windows|systemd)::
"cf-serverd" restart_class => "cf_serverd_not_running";
@@ -72,7 +81,7 @@ bundle agent failsafe_update {
"$(sys.cf_execd)" classes => failsafe_results("namespace", "cf_execd_running");
cf_serverd_not_running::
"$(sys.cf_serverd)" classes => failsafe_results("namespace", "cf_serverd_running");
- !cfengine3_service_running::
+ !cfengine3_service_running|(systemd.inputdir_update_repaired)::
"/bin/systemctl restart cfengine3"
contain => failsafe_noshell_and_silent,
classes => failsafe_results("namespace", "systemctl_restart_cfengine3");
@@ -180,3 +189,13 @@ body contain failsafe_noshell_and_silent
useshell => "noshell";
no_output => true;
}
+
+body perms failsafe_u_m(p)
+{
+ mode => "$(p)";
+}
+
+body action failsafe_u_immediate
+{
+ ifelapsed => "0";
+}
diff --git a/modules b/modules
new file mode 160000
+Subproject 98c6d3c37ffd4d2721be313e91786e5f55e2602